Jump to content
Fabian Näf

Authentication outside of "Allowed IP Ranges" with SAML2

Recommended Posts

Hi 

 

I just configured Passwordstate to authenticate with SAML2, and this works great from internal.

In Passwordstate I configured our internal IP ranges as "Allowed IP Ranges".  I set the option of "If the Passwordstate web site is accessed outside of one of the IP Ranges listed above, force the user to authenticate using the following method" also to SAML2 but with an other Time Out.

 

If we access Passwordstate now from a not-"Allowed IP Range", I have to authenticate using ADFS and then I have to authenticate again using the Anonymous-Default-Passwordstate Form.

If I remove all entries in "Allowed IP Ranges" it works from any IP Range with only one authentication, but then I have the default Timeout.

 

Do you now this behavoir is there a fix for this?

 

Best regards,

 

Fabian

Share this post


Link to post
Share on other sites

Hi Fabian,

We'll need to investigate this to see if there's anything we can do. Can you provide a screenshot of what authentication screen you are seeing after the SAML auth?

Regards

Click Studios

Share this post


Link to post
Share on other sites

Hi 

 

I just have some additional informations: 

When I wrote about not-"Allowed IP Range", I tested from outside of our company, over the WAP-Publishing. This WAP-Publishing made the SAML-Authentication.

Now I just tested from an internal IP Range which is not configured as "Allowed IP Range" (so I don't connect over WAP). If I do this, I directly come to the Anonymous-Default-Passwordstate Form (screenshoted in my last post). I also opend de developer-tools in my browser and I have seen, that there's no communictation to our ADFS-Server.

 

From this point, it seams, that SAML2 authentication is not working from a not-"Allowed IP Range".

 

Best regards,

 

Fabian

Share this post


Link to post
Share on other sites

Hi Fabian,

 

Another quick message to say we have also fixed this issue in a build of Passwordstate we released today, build 7883.  Thanks again for reporting this, and please let us know if you have any more issues with this.

 

Regards,

Support.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×